You should not go by their statements as it (1) requires you to use native SQL in your programming code. (2) Leaves you open for SQL injection, (3) Doesn't take into account the .net infrastructure for Authentication. I can go on with more, but I think this is sufficient. Easiest, depending on what you already got is: